Make MIC conditional on integrity being requested

If integrity is requested by any party then the MIC, if requested by the server will be generated, otherwise it will not be.
author: Simo Sorce <simo@redhat.com> 2014-04-13 01:45:42 -0400
committer: Simo Sorce <simo@redhat.com> 2014-05-04 17:21:06 -0400
commit: 0af4f35f01fef417b42fbad0a9ad774043d898be (patch)
tree: 56e1b29d187ef00f68a68e7aaca4d124f8df7bbe /src
parent: 21307dc11da9a5cf75167e125aae5c8afa9d6e9d (diff)
download: gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.gz
gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.xz
gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.zip
3 files changed, 6 insertions, 3 deletions
diff --git a/src/gss_sec_ctx.c b/src/gss_sec_ctx.c
index 92dd981..4400bc7 100644
--- a/src/gss_sec_ctx.c
+++ b/src/gss_sec_ctx.c
@@ -400,7 +400,8 @@ uint32_t gssntlm_init_sec_context(uint32_t *minor_status,
                                                   &target_info,
                                                   server_name,
                                                   &client_target_info,
-                                                  &srv_time, &add_mic);
+                                                  &srv_time,
+                                                  protect ? &add_mic: NULL);
                 if (retmin) {
                     if (retmin == ERR_DECODE) {
                         retmaj = GSS_S_DEFECTIVE_TOKEN;
diff --git a/src/ntlm.c b/src/ntlm.c
index d10917f..73934d7 100644
--- a/src/ntlm.c
+++ b/src/ntlm.c
@@ -832,7 +832,7 @@ int ntlm_process_target_info(struct ntlm_ctx *ctx,
     /* the server did not send the timestamp, use current time */
     if (srv_time == 0) {
         srv_time = ntlm_timestamp_now();
-    } else {
+    } else if (add_mic) {
         av_flags |= MSVAVFLAGS_MIC_PRESENT;
         *add_mic = true;
     }
diff --git a/src/ntlm.h b/src/ntlm.h
index 72d62c8..f338bbd 100644
--- a/src/ntlm.h
+++ b/src/ntlm.h
@@ -518,7 +518,9 @@ int ntlm_decode_target_info(struct ntlm_ctx *ctx, struct ntlm_buffer *buffer,
  * @param server                The Client Supplied Server Name if available
  * @param out                   The processed target_info buffer
  * @param out_srv_time          A 64 bit FILETIME timestamp
- * @param add_mic               Whether the caller should generate a MIC
+ * @param add_mic               A pointer to a boolean. If NULL MIC flags will
+ *                               not be set, otherwise if allowed the MIC flag
+ *                               will be set and true will be returned.
  *
  * @return      0 if everyting parses correctly, or an error code
  */
author	Simo Sorce <simo@redhat.com>	2014-04-13 01:45:42 -0400
committer	Simo Sorce <simo@redhat.com>	2014-05-04 17:21:06 -0400
commit	0af4f35f01fef417b42fbad0a9ad774043d898be (patch)
tree	56e1b29d187ef00f68a68e7aaca4d124f8df7bbe /src
parent	21307dc11da9a5cf75167e125aae5c8afa9d6e9d (diff)
download	gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.gz gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.tar.xz gss-ntlmssp-0af4f35f01fef417b42fbad0a9ad774043d898be.zip